Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3983522e4c73cee892007b53548ab8d773c709fa / src / ssl_sock.c
  1. c5fd15d BUG/MEDIUM: connection: Preserve flags when a conn is removed from an idle list by Christopher Faulet · Thu Mar 16 11:43:05 2023 +0100
  2. c5eaae9 BUG/MINOR: ssl: Use 'date' instead of 'now' in ocsp stapling callback by Remi Tricot-Le Breton · Thu Mar 02 15:49:55 2023 +0100
  3. 52a61cc BUG/MEDIUM: ssl: wrong eviction from the session cache tree by William Lallemand · Tue Jan 31 14:12:28 2023 +0100
  4. d417c25 BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain by Remi Tricot-Le Breton · Thu Dec 15 15:44:37 2022 +0100
  5. 99e4526 BUG/MEDIUM: ssl: Verify error codes can exceed 63 by Remi Tricot-Le Breton · Thu Nov 10 10:48:58 2022 +0100
  6. 2cb86e7 BUG/MINOR: ssl: don't initialize the keylog callback when not required by William Lallemand · Fri Nov 18 15:00:15 2022 +0100
  7. 1583897 BUG/MINOR: ssl: ocsp structure not freed properly in case of error by Remi Tricot-Le Breton · Thu Nov 03 15:16:49 2022 +0100
  8. 172da59 BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer by Remi Tricot-Le Breton · Thu Nov 03 15:16:48 2022 +0100
  9. 64ff81b BUG/MEDIUM: ssl/fd: unexpected fd close using async engine by Emeric Brun · Fri Jul 01 17:36:50 2022 +0200
  10. 17d0caa BUG/MINOR: server/ssl: free the SNI sample expression by William Lallemand · Wed Mar 16 17:48:19 2022 +0100
  11. e8a8aa4 BUILD: fix compilation for OpenSSL-3.0.0-alpha17 by William Lallemand · Wed Jun 02 16:09:11 2021 +0200
  12. f518644 BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl by William Dauchy · Thu Jan 06 16:57:15 2022 +0100
  13. ec3d2d6 BUG/MEDIUM: ssl: free the ckch instance linked to a server by William Lallemand · Thu Dec 30 14:45:19 2021 +0100
  14. 9d11868 BUG/MINOR: ssl: free the fields in srv->ssl_ctx by William Lallemand · Thu Dec 30 11:25:43 2021 +0100
  15. 6338b7d BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server by William Lallemand · Tue Dec 28 18:47:17 2021 +0100
  16. 41736ab BUG/MINOR: ssl: make SSL counters atomic by Willy Tarreau · Mon Nov 22 17:46:13 2021 +0100
  17. 0f2291b BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found by William Lallemand · Thu Nov 18 17:46:26 2021 +0100
  18. 0faf526 CLEANUP: ssl: fix wrong #else commentary by William Lallemand · Thu Nov 18 15:25:16 2021 +0100
  19. c78ac5a BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 by William Lallemand · Wed Nov 17 02:59:21 2021 +0100
  20. 37d6939 BUG/MINOR: ssl: use atomic ops to update global shctx stats by Willy Tarreau · Tue Jun 15 16:39:22 2021 +0200
  21. 1adb439 BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future by Remi Tricot-Le Breton · Wed Jun 09 17:16:18 2021 +0200
  22. ca5cf0a BUILD: make tune.ssl.keylog available again by William Lallemand · Wed Jun 09 16:46:12 2021 +0200
  23. 46697c8 BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine by Remi Tricot-Le Breton · Wed May 12 17:45:21 2021 +0200
  24. 832e242 DEBUG: ssl: export ssl_sock_close() to see its symbol resolved in profiling by Willy Tarreau · Thu May 13 10:11:03 2021 +0200
  25. b205bfd CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages by Willy Tarreau · Fri May 07 11:38:37 2021 +0200
  26. 2b71810 CLEANUP: lists/tree-wide: rename some list operations to avoid some confusion by Willy Tarreau · Wed Apr 21 07:32:39 2021 +0200
  27. ff88270 MINOR: pool: move pool declarations to read_mostly by Willy Tarreau · Sat Apr 10 17:23:00 2021 +0200
  28. 4781b15 CLEANUP: atomic/tree-wide: replace single increments/decrements with inc/dec by Willy Tarreau · Tue Apr 06 13:53:36 2021 +0200
  29. 1db4273 CLEANUP: atomic: add an explicit _FETCH variant for add/sub/and/or by Willy Tarreau · Tue Apr 06 11:44:07 2021 +0200
  30. 8218aed BUG/MINOR: ssl: Fix update of default certificate by Remi Tricot-Le Breton · Wed Mar 17 14:56:54 2021 +0100
  31. fb00f31 BUG/MINOR: ssl: Prevent disk access when using "add ssl crt-list" by Remi Tricot-Le Breton · Tue Mar 23 16:41:53 2021 +0100
  32. f208ac0 CLEANUP: ssl: use pool_zalloc() in ssl_init_keylog() by Willy Tarreau · Mon Mar 22 21:10:12 2021 +0100
  33. b454e90 MINOR: ssl: use pool_alloc(), not pool_alloc_dirty() by Willy Tarreau · Mon Mar 22 15:09:41 2021 +0100
  34. bc5ce92 MEDIUM: connections: Implement a start() method in ssl_sock. by Olivier Houchard · Fri Mar 05 23:47:00 2021 +0100
  35. 1b3c931 MEDIUM: connections: Introduce a new XPRT method, start(). by Olivier Houchard · Fri Mar 05 23:37:48 2021 +0100
  36. 7416314 CLEANUP: task: make sure tasklet handlers always indicate their statuses by Willy Tarreau · Sat Mar 13 11:30:19 2021 +0100
  37. 4c48edb BUG/MEDIUM: ssl: properly remove the TASK_HEAVY flag at end of handshake by Willy Tarreau · Tue Mar 09 17:58:02 2021 +0100
  38. 430bf4a MINOR: server: allocate a per-thread struct for the per-thread connections stuff by Willy Tarreau · Thu Mar 04 09:45:32 2021 +0100
  39. 4149168 MEDIUM: ssl: implement xprt_set_used and xprt_set_idle to relax context checks by Willy Tarreau · Tue Mar 02 17:29:56 2021 +0100
  40. 144f84a MEDIUM: task: extend the state field to 32 bits by Willy Tarreau · Tue Mar 02 16:09:26 2021 +0100
  41. 566cebc BUG/MINOR: ssl: don't truncate the file descriptor to 16 bits in debug mode by Willy Tarreau · Tue Mar 02 19:32:39 2021 +0100
  42. 3bda3f4 CLEANUP: ssl: use realloc() instead of free()+malloc() by Willy Tarreau · Fri Feb 26 21:05:08 2021 +0100
  43. e709e82 CLEANUP: ssl: make ssl_sock_free_srv_ctx() zero the pointers after free by Willy Tarreau · Fri Feb 26 21:06:32 2021 +0100
  44. 01acf56 CLEANUP: ssl: remove a useless "if" before freeing an error message by Willy Tarreau · Fri Feb 26 21:12:15 2021 +0100
  45. 61cfdf4 CLEANUP: tree-wide: replace free(x);x=NULL with ha_free(&x) by Willy Tarreau · Sat Feb 20 10:46:51 2021 +0100
  46. 9205ab3 MINOR: ssl: mark the SSL handshake tasklet as heavy by Willy Tarreau · Thu Feb 25 15:31:00 2021 +0100
  47. 8990b01 MINOR: connection: allocate dynamically hash node for backend conns by Amaury Denoyelle · Fri Feb 19 15:29:16 2021 +0100
  48. f232cb3 MEDIUM: connection: replace idle conn lists by eb trees by Amaury Denoyelle · Wed Jan 06 16:14:12 2021 +0100
  49. 5c7086f MEDIUM: connection: protect idle conn lists with locks by Amaury Denoyelle · Mon Jan 11 09:21:52 2021 +0100
  50. 3ce6eed MEDIUM: ssl: add a rwlock for SSL server session cache by William Lallemand · Mon Feb 08 10:43:44 2021 +0100
  51. 7ff7747 BUILD: ssl: guard SSL_CTX_set_msg_callback with SSL_CTRL_SET_MSG_CALLBACK macro by Ilya Shipitsin · Mon Feb 08 16:55:06 2021 +0500
  52. f00cdb1 BUILD: ssl: guard SSL_CTX_add_server_custom_ext with special macro by Ilya Shipitsin · Sat Feb 06 18:59:22 2021 +0500
  53. 7bbf586 BUILD: ssl: fix typo in HAVE_SSL_CTX_ADD_SERVER_CUSTOM_EXT macro by Ilya Shipitsin · Sat Feb 06 18:55:27 2021 +0500
  54. a84986a BUG/MINOR: ssl: do not try to use early data if not configured by Willy Tarreau · Wed Feb 03 11:21:38 2021 +0100
  55. 0630038 BUG/MEDIUM: ssl: check a connection's status before computing a handshake by Willy Tarreau · Tue Feb 02 15:42:25 2021 +0100
  56. b886849 CLEANUP: ssl: remove dead code in ckch_inst_new_load_srv_store() by William Lallemand · Wed Jan 27 14:42:40 2021 +0100
  57. db26e2b CLEANUP: ssl: make load_srv_{ckchs,cert} match their bind counterpart by William Lallemand · Tue Jan 26 12:01:46 2021 +0100
  58. 795bd9b CLEANUP: ssl: remove SSL_CTX function parameter by William Lallemand · Tue Jan 26 11:27:42 2021 +0100
  59. f3eedfe MEDIUM: ssl: Enable backend certificate hot update by Remi Tricot-Le Breton · Mon Jan 25 17:19:44 2021 +0100
  60. d817dc7 MEDIUM: ssl: Load client certificates in a ckch for backend servers by Remi Tricot-Le Breton · Mon Jan 25 17:19:43 2021 +0100
  61. ec805a3 MINOR: ssl: Certificate chain loading refactorization by Remi Tricot-Le Breton · Mon Jan 25 17:19:42 2021 +0100
  62. 442b7f2 MINOR: ssl: Server ssl context prepare function refactoring by Remi Tricot-Le Breton · Mon Jan 25 17:19:41 2021 +0100
  63. 1fc44d4 BUILD: ssl: guard Client Hello callbacks with HAVE_SSL_CLIENT_HELLO_CB macro instead of openssl version by Ilya Shipitsin · Sat Jan 23 00:09:14 2021 +0500
  64. 4bd5d63 MINOR: ssl/show_fd: report some FDs as suspicious when possible by Willy Tarreau · Thu Jan 21 08:53:50 2021 +0100
  65. 8050efe MINOR: cli: give the show_fd helpers the ability to report a suspicious entry by Willy Tarreau · Thu Jan 21 08:26:06 2021 +0100
  66. 691d503 MINOR: xprt/mux: export all *_io_cb functions so that "show fd" resolves them by Willy Tarreau · Wed Jan 20 14:55:01 2021 +0100
  67. de5675a MINOR: ssl: provide a "show fd" helper to report important SSL information by Willy Tarreau · Wed Jan 20 14:41:29 2021 +0100
  68. 761d64c BUILD: ssl: guard openssl specific with SSL_READ_EARLY_DATA_SUCCESS by Ilya Shipitsin · Thu Jan 07 11:59:58 2021 +0500
  69. ec36c91 BUILD: ssl: guard EVP_PKEY_get_default_digest_nid with ASN1_PKEY_CTRL_DEFAULT_MD_NID by Ilya Shipitsin · Thu Jan 07 11:57:42 2021 +0500
  70. 1e9a666 CLEANUP: assorted typo fixes in the code and comments by Ilya Shipitsin · Tue Jan 05 22:10:46 2021 +0500
  71. b6fc524 MINOR: ssl: make tlskeys_list_get_next() take a list element by Willy Tarreau · Tue Jan 05 10:44:30 2021 +0100
  72. cb8b281 CLEANUP: ssl: Remove useless local variable in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:56 2021 +0100
  73. 2c7bb33 CLEANUP: ssl: Remove useless loop in tlskeys_list_get_next() by Tim Duesterhus · Sun Jan 03 01:29:55 2021 +0100
  74. e5ff141 CLEANUP: Compare the return value of `XXXcmp()` functions with zero by Tim Duesterhus · Sat Jan 02 22:31:53 2021 +0100
  75. e9473c7 MINOR: ssl: QUIC transport parameters parsing. by Frédéric Lécaille · Mon Nov 23 15:37:11 2020 +0100
  76. ec21652 MINOR: ssl: SSL CTX initialization modifications for QUIC. by Frédéric Lécaille · Mon Nov 23 14:33:30 2020 +0100
  77. 901ee2f MINOR: ssl: Export definitions required by QUIC. by Frédéric Lécaille · Mon Nov 23 11:19:04 2020 +0100
  78. 5aa9241 MINOR: ssl_sock: Initialize BIO and SSL objects outside of ssl_sock_init() by Frédéric Lécaille · Mon Nov 09 15:59:23 2020 +0100
  79. 967e7e7 MEDIUM: xxhash: use the XXH3 functions to generate 64-bit hashes by Dragan Dosen · Tue Dec 22 13:22:34 2020 +0100
  80. af20488 BUILD: ssl: fine guard for SSL_CTX_get0_privatekey call by Ilya Shipitsin · Sat Dec 19 03:12:12 2020 +0500
  81. ec60909 BUILD: SSL: fine guard for SSL_CTX_add_server_custom_ext call by Ilya Shipitsin · Fri Nov 27 02:39:48 2020 +0500
  82. 2ded48d MINOR: connection: make conn_sock_drain() use the control layer's ->drain() by Willy Tarreau · Fri Dec 11 16:20:34 2020 +0100
  83. b7fdfdf MEDIUM: ssl: fatal error with bundle + openssl < 1.1.1 by William Lallemand · Fri Dec 04 15:45:02 2020 +0100
  84. f34ed0b BUILD: SSL: guard TLS13 ciphersuites with HAVE_SSL_CTX_SET_CIPHERSUITES by Ilya Shipitsin · Sat Nov 21 14:37:34 2020 +0500
  85. 06ce84a BUG/MEDIUM: ssl: error when no certificate are found by William Lallemand · Fri Nov 20 15:36:13 2020 +0100
  86. bdec3ba BUILD: ssl: use SSL_MODE_ASYNC macro instead of OPENSSL_VERSION by Ilya Shipitsin · Sat Nov 14 01:56:34 2020 +0500
  87. f69cd68 BUG/MINOR: ssl: segv on startup when AKID but no keyid by William Lallemand · Thu Nov 19 16:24:13 2020 +0100
  88. f637044 MEDIUM: cli/ssl: configure ssl on server at runtime by William Dauchy · Sat Nov 14 19:25:33 2020 +0100
  89. 034c162 MEDIUM: stats: add counters for failed handshake by Amaury Denoyelle · Fri Nov 13 16:05:00 2020 +0100
  90. f70b7db MINOR: ssl: remove client hello counters by Amaury Denoyelle · Fri Nov 13 16:04:59 2020 +0100
  91. fc633b6 CLEANUP: config: Return ERR_NONE from config callbacks instead of 0 by Christopher Faulet · Fri Nov 06 15:24:23 2020 +0100
  92. 4299528 BUILD: ssl: silence build warning on uninitialised counters by Willy Tarreau · Fri Nov 06 13:19:18 2020 +0100
  93. d0447a7 MINOR: ssl: add counters for ssl sessions by Amaury Denoyelle · Tue Nov 03 17:10:02 2020 +0100
  94. fbc3377 MINOR: ssl: count client hello for stats by Amaury Denoyelle · Tue Nov 03 17:10:01 2020 +0100
  95. 9963fa7 MINOR: ssl: instantiate stats module by Amaury Denoyelle · Tue Nov 03 17:10:00 2020 +0100
  96. 6d27a92 BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher by Willy Tarreau · Thu Nov 05 19:38:05 2020 +0100
  97. 0aa8c29 BUILD: ssl: use feature macros for detecting ec curves manipulation support by Ilya Shipitsin · Wed Nov 04 00:39:07 2020 +0500
  98. 04a5a44 BUILD: ssl: use HAVE_OPENSSL_KEYLOG instead of OpenSSL versions by Ilya Shipitsin · Tue Nov 03 14:15:38 2020 +0500
  99. b9b84a4 BUILD: ssl: more elegant OpenSSL early data support check by Ilya Shipitsin · Sat Oct 24 23:42:30 2020 +0500
  100. a73a222 BUG/MEDIUM: ssl: OCSP must work with BoringSSL by Emmanuel Hocdet · Mon Oct 26 13:55:30 2020 +0100